Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

Self Hosted Nightscout Instance

This document describes making a self hosted nightscout instance, with SSL encryption and certificate with Let's Encrypt.

Ubuntu Machine

Make a fresh instance of Ubuntu 16.04.1 LTS as a VM or on a physical machine Download from http://www.ubuntu.com/download/server/thank-you?version=16.04.1&architecture=amd64

VIrtual machine host options :

  1. Virtualbox - https://www.virtualbox.org/
  2. Parallels - https://www.parallels.com/
  3. Vmware - https://www.vmware.com/ - various options including vmware workstation, vmware player, ESXi

Alternatively, consider hosting your Ubuntu instance elsewhere, for example:

  1. https://www.digitalocean.com/
  2. https://linode.com/

Update the Ubuntu instance: sudo apt-get update && sudo apt-get upgrade

Update node:

sudo npm cache clean -f
sudo npm install -g n
sudo n stable

Install CGM-Remote-Monitor (Nightscout)

Install Node.js and npm sudo apt-get install nodejs npm

Download cgm-remote-monitor (nightscout) from github: git clone https://github.com/nightscout/cgm-remote-monitor.git Alternatively fork a copy of cgm-remote-monitor and clone your own copy.

cd cgm-remote-monitor

Install cgm-remote-monitor: git checkout dev npm install

setup your cgm-remote-monitor environment as you normally would, for example creating a file my.env :

MONGO_CONNECTION=MONGOCONNECTIONSTRING
DISPLAY_UNITS=mmol
BASE_URL=NIGHTSCOUT_SITE_URL
DEVICESTATUS_ADVANCED="true"
mongo_collection="mogocollection_name"
API_SECRET=AVeryLongString
ENABLE=careportal%20openaps%20iob%20bwp%20cage%20basal%20pump%20bridge
BRIDGE_SERVER=EU
BRIDGE_USER_NAME=USERNAME
BRIDGE_PASSWORD=PASSWORD

Install pm2 to monitor nightscout processs

sudo npm install pm2 -g

Start cgm-remote-monitor with pm2: env $(cat my.env) PORT=1337 pm2 start server.js

Make pm2 start cgm-remote-monitor on startup pm2 startup ubuntu - this will give you a command you need to run as superuser to allow pm2 to start the app on reboot The command will be something like: sudo su -c "env PATH=$PATH:/usr/bin pm2 startup ubuntu -u username --hp /home/username" And then: pm2 save

Create Reverse nginx proxy

Install nginx:

sudo apt-get install nginx

edit this file:

sudo vi /etc/nginx/sites-available/default Delete the existing contents and replace with this: I'm assuming the proxy is on the same host as nightscout and the proxy_pass http://127.0.0.1:1337 line - 1337 is replaced with the port that nightscout is using

server {
    listen 80;

    server_name example.com;

    location / {
        proxy_pass http://127.0.0.1:1337;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Then restart the nginx service sudo service nginx restart

Let's Encrypt SSL

install Let's Encrypt sudo apt-get install letsencrypt python-certbot-nginx

Obtain SSL certificate using webroot plugin Allow access to /.well-known directory for Lets Encrypt sudo nano /etc/nginx/sites-available/default

Stop ngnix service sudo service nginx stop

Obtain letsencrypt certificate - sudo letsencrypt certonly enter your domain name when prompted. This will create the certificates for your domain name. The certificates should now be available at /etc/letsencrypt/live/your_domain_name

improve SSL security by generating a strong Diffie-Hellman group sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Add this to the etc/nginx/sites-enabled/defaults file:

server {
        listen       443 ssl;
      	 server_name   your_domain_name;
        root         /usr/share/nginx/html;
	
	ssl_certificate     /etc/letsencrypt/live/your_domain_name/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/your_domain_name/privkey.pem;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E
CDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECD
HE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA3
84:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-
RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-S
HA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DE
S-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;

        location ~ /.well-known {
                allow all;
        }


        location / {
		proxy_pass http://localhost:1337/;  # Note port number for your cgm-remote-monitor should be changed if it isn't 1337
        }

}

restart nginx sudo service nginx restart

You can test the quality of the SSL connection using: https://www.ssllabs.com/ssltest/analyze.html?d=your_domain_name Unfortunately only works with port 443

Arrange auto renewal of certificates. Add this line to the su crontab sudo crontab -e

30 2 * * 1 certbot renew >> /var/log/le-renew.log

Hopefully that is now done!

@Heiner1

This comment has been minimized.

Copy link

Heiner1 commented Sep 29, 2016

Hello John
I'm very interested on installing nightscout locally and are happy to find your installation guide. I set up a new ubuntu server on virtualbox.
Is it necessary to create a new mongodb database outside of my computer, or can I also create an mongodb instance locally? The mongodb packages are available on ubuntu, but I don't know how to configure them to get the correct working mongodb connection strings? All the nightscout-instructions are using existing mongodb accounts. But if I install my own local nightscout server I also want to have may own local database. Sorry for my not perfect English, I'm from Germany, T1D since 1985 , using Freestyle Libre and LimiTTer as transmitter diplayed with xDrip+.
Thanks in advance
Yours
Heiner

@johnmales

This comment has been minimized.

Copy link
Owner Author

johnmales commented Oct 26, 2016

Hi Heiner,

Apologies I didn't see this earlier. You can create a local mongodb instance. I have done this and will update my instructions to include a local mongodb database.

Regards
John

@jyaw

This comment has been minimized.

Copy link

jyaw commented Dec 7, 2016

Thanks! Was able to get NS installed on a digital ocean ubuntu instance using these instructions as a starting point. Will probably setup a gist for my own setup when I'm finished. Just a couple notes on the domain/nginx setup, for the novice setting up an Ubuntu digital ocean server (myself included). Thought these might be helpful to others:
I setup a domain with a registrar and then followed the digitalocean instructions here
Some of the nginx steps are elaborated on at the digital ocean instructions here

@st0ber

This comment has been minimized.

Copy link

st0ber commented Apr 8, 2018

This Manual is more than 1 year old. Can i use this Manual today? Can you please explain how to Setup mongodb?
Thx

@ruletistul2000

This comment has been minimized.

Copy link

ruletistul2000 commented Apr 12, 2018

Hi all. Can someone please detail how to install/setup a mongodb instance on the linux server with the nightscout deployment. Thank you.

@johnmales

This comment has been minimized.

Copy link
Owner Author

johnmales commented Apr 24, 2018

These gists are relevant now, no changes required. Setting up a local mongo database is how I use this, running on the same host that runs the night scout instances.

@lsandini

This comment has been minimized.

Copy link

lsandini commented Jun 8, 2018

Hi John. I tried your approach and immediately ran into trouble. I see you removed the installation of the nodejs-legacy package, but I had to restore it in order to run the npm install to the end.

Also configuring the mongoDB isn't easy for a beginner, any help on this would be really appreciated, thank you.

@bassettb

This comment has been minimized.

Copy link

bassettb commented Jun 28, 2018

MongoDB shouldn't require any configuration. Just install it locally. Then use this connection string in your nightscout env:
MONGO_CONNECTION=mongodb://localhost/admin

Also, instead of "pm2 start ubuntu", it should be "pm2 startup ubuntu". That gives you the command to use that instructs linux to start PM2 on startup.

I believe you also need a call to "pm2 save" so that pm2 will remember which apps to start after a reboot.

@lsandini

This comment has been minimized.

Copy link

lsandini commented Jul 29, 2018

I completed this gist and put it in my github account, please have a look at it and correct me if you find errors. I now have registered a domain name with GoDaddy and redirecting the requests to my Digital Ocean droplet, where my NS and mongodb are running on the same virtual machine, :)

https://gist.github.com/lsandini/2f94396cdeb62aacb2c454e5522d00f9

@johnmales

This comment has been minimized.

Copy link
Owner Author

johnmales commented Aug 19, 2018

Thanks @bassettb - I have updated as per your corrections. Much appreciated!

@lsandini - I couldn't see any errors, I hope the login/password you used are examples rather than your actual passwords. Hope it is working for you 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.